Hypervisor-enforced self encrypting memory in computing fabric

ABSTRACT

Methods and systems for securing memory within a computing fabric are disclosed. One method includes allocating memory of one or more host computing systems in the computing fabric to a partition, the partition included among a plurality of partitions, the computing fabric including a hypervisor installed on the one or more host computing platforms and managing interactions among the plurality of partitions. The method includes defining an address range associated with the memory allocated to the partition, receiving a memory operation including an address within the address range, and, based on the memory operation including an address within the address range, issuing, by the hypervisor, an indication that the memory operation is occurring at an encrypted memory location. The method also includes performing the memory operation, and performing an encryption operation on data associated with the memory operation.

BACKGROUND

Computer system virtualization allows multiple operating systems andprocesses to share the hardware resources of a host computer. Ideally,the system virtualization provides resource isolation so that eachoperating system does not realize that it is sharing resources withanother operating system and does not adversely affect the execution ofthe other operating system. Such system virtualization enablesapplications including server consolidation, co-located hostingfacilities, distributed web services, applications mobility, securecomputing platforms, and other applications that provide for efficientuse of underlying hardware resources.

Existing virtualization systems, such as those provided by VMWare andMicrosoft, have developed relatively sophisticated virtualizationsystems that are architected as a monolithic virtualization softwaresystem that hosts each virtualized system. In other words, thesevirtualization systems are constructed to host each of the virtualizedsystems on a particular computing platform. As such, the virtualizationsystems or virtual machine monitors (VMMs) associate hardware resourcesof a particular platform with each partition. Typically, this involvessharing of resources across multiple partitions. For example, twopartitions may share a same processor and memory resource (although maybe separated by address ranges or otherwise maintained to ensureisolated memory management). Furthermore, two such partitions may alsoshare input/output devices, such as keyboards, mice, printing ports,Ethernet ports, or other communications interfaces.

When computing resources of a host computer are allocated to aparticular virtual partition, those resources are generally dedicated tothat partition, and the partition can be exposed to other partitions viavirtual local area networks (vLANs) within a computing fabric. However,such an arrangement has disadvantages. In particular, two partitionsresiding on the same host computer may be exposed to each other via avLAN despite being on the same platform, and therefore may rely on I/Odevice-based communication interfaces (and assumptions built into thesoftware used to communicate via those interfaces). Accordingly,communication among partitions may be less efficient than wouldotherwise be possible if the partitions had knowledge of operation on acommon platform. Furthermore, as communication interface technologiesused for networking between host computers improve, latency andbandwidth issues regarding inter-computer communications become lesscritical.

Additional disadvantages exist because, in traditional virtualizationenvironments, communications among partitions and usage of resources atdifferent partitions is heavily managed and regulated by both theoperating system within the partition and the virtualization layersupporting the partition. Such communications and system resource usagespread across multiple platforms has traditionally been discouraged inexisting virtualization platforms.

SUMMARY

In summary, the present disclosure relates to virtualization systems,and in particular to methods and systems for managing guest partitionsand memory access mechanisms among guest partitions.

In a first aspect, a method for securing memory within a computingfabric is disclosed. One method includes allocating memory of one ormore host computing systems in the computing fabric to a partition, thepartition included among a plurality of partitions, the computing fabricincluding a hypervisor installed on the one or more host computingplatforms and managing interactions among the plurality of partitions.The method includes defining an address range associated with the memoryallocated to the partition, receiving a memory operation including anaddress within the address range, and, based on the memory operationincluding an address within the address range, issuing, by thehypervisor, an indication that the memory operation is occurring at anencrypted memory location. The method also includes performing thememory operation, and performing an encryption operation on dataassociated with the memory operation.

In a second aspect, a system is disclosed that includes one or more hostcomputing platforms and a plurality of partitions instantiated acrossthe one or more host computing platforms, each of the plurality ofpartitions allocated computing resources of the one or more hostcomputing platforms, the plurality of partitions including a partitionallocated memory from the one or more host computing platforms, thememory associated with an address range. The system further includes ahypervisor installed on the one or more host computing platforms andmanaging interactions among the plurality of partitions. The hypervisoris configured to, based on receipt at a partition of a memory operationincluding an address within the address range: issue an indication thatthe memory operation is occurring at an encrypted memory location:perform the memory operation; and perform an encryption operation ondata associated with the memory operation.

In a third aspect, a system for managing secured memory in a computingfabric is disclosed. The system includes a programmable circuit of ahost computing platform within the computing fabric and a memorycommunicatively connected to the programmable circuit. The memory storescomputer-executable instructions which, when executed, cause thecomputing platform to perform: allocating memory of one or more hostcomputing systems in the computing fabric to a partition, the partitionincluded among a plurality of partitions, the computing fabric includinga hypervisor installed on the one or more host computing platforms andmanaging interactions among the plurality of partitions; defining anaddress range associated with the memory allocated to the partition;receiving a memory operation including an address within the addressrange; based on the memory operation including an address within theaddress range, issuing, by the hypervisor, an indication that the memoryoperation is occurring at an encrypted memory location; performing thememory operation; and performing an encryption operation on dataassociated with the memory operation.

This summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates system infrastructure partitions in an exemplaryembodiment of a host system partitioned using the para-virtualizationsystem of the present disclosure;

FIG. 2 illustrates the partitioned host of FIG. 1 and the associatedpartition monitors of each partition;

FIG. 3 illustrates memory mapped communication channels amongst variouspartitions of the para-virtualization system of FIG. 1;

FIG. 4 illustrates a distributed multi-host system in which aspects ofthe present disclosure can be implemented:

FIG. 5 illustrates an example block diagram of a host computing systemuseable to implement the para-virtualization systems of FIGS. 1-3,above;

FIG. 6 illustrates an example allocation of a portion of resources ofone or more host computing systems within a computing fabric topartitions managed by the para-virtualization systems described herein;

FIG. 7 illustrates an example arrangement in which I/O transactions aremanaged via a non-volatile memory controller implemented and managedusing the para-virtualization systems described herein, according to anexample embodiment of the present disclosure;

FIG. 8 illustrates an example arrangement in which I/O transactions aremanaged via a non-volatile memory controller implemented and managedusing the para-virtualization systems described herein, which is useableacross different host computing systems, according to an exampleembodiment of the present disclosure;

FIG. 9 illustrates an example hierarchy of partition and servicessupporting that partition manageable across a computing fabric using thepara-virtualization systems described herein;

FIG. 10 illustrates a flowchart for managing persistent guest memory viaa storage partition, according to an example embodiment of the presentdisclosure;

FIG. 11 illustrates generation of a secure application identity keyuseable to secure an application in memory according to exampleembodiments of the present disclosure;

FIG. 12 illustrates a structure of a secured application identity keydatabase useable to secure an application in memory, according toexample embodiments of the present disclosure;

FIG. 13 illustrates an arrangement in which a secured application canuse an application programming interface to ensure secured memoryaccess, according to example embodiments of the present disclosure;

FIG. 14 illustrates an arrangement useable to securely store anapplication image for a secured application, according to exampleembodiments of the present disclosure;

FIG. 15 illustrates a flowchart of a method for implementing aself-encrypting memory via hypervisor enforcement, according to anexample embodiment;

FIG. 16 illustrates a flowchart of a method for accessing secured datafrom a hypervisor-enforced secured memory, according to an exampleembodiment;

FIG. 17 illustrates a flowchart of an alternative method for assessingsecured data from a hypervisor-enforced secured memory; and

FIG. 18 illustrates a flowchart of a method for storing secured data ina hypervisor-enforced secured memory, according to an exampleembodiment.

DETAILED DESCRIPTION

Various embodiments of the present invention will be described in detailwith reference to the drawings, wherein like reference numeralsrepresent like parts and assemblies throughout the several views.Reference to various embodiments does not limit the scope of theinvention, which is limited only by the scope of the claims attachedhereto. Additionally, any examples set forth in this specification arenot intended to be limiting and merely set forth some of the manypossible embodiments for the claimed invention.

The logical operations of the various embodiments of the disclosuredescribed herein are implemented as: (1) a sequence of computerimplemented steps, operations, or procedures running on a programmablecircuit within a computer, and/or (2) a sequence of computer implementedsteps, operations, or procedures running on a programmable circuitwithin a directory system, database, or compiler.

As briefly described above, embodiments of the present invention aredirected to virtualization systems, and in particular to methods andsystems for managing guest partitions and memory access mechanisms amongguest partitions. In some embodiments, guest partitions can be allocatedone or more storage devices, such as solid state or non-volatile memorydevices, which are exposed as a particular address range. In such cases,various additional features of such a partition (in some embodiments,referred to as a persistent partition) can be implemented, such as byproviding persistent, secured memory useable by that partition or otherpartitions hosted on the same computing platform or on differentcomputing platforms within a network.

In various additional embodiments, encryption or other securitytechniques can be applied at the virtualization layer (e.g., by ahypervisor), allowing a partition having a memory resources exposed toother partitions act as a secure memory module relative to those otherpartitions, with that partition being exposed as having a particularaddress range that is managed by the hypervisor and accessible by otherguest partitions via an API. Because, in some such embodiments, ahypervisor manages security but the partition maintains knowledge of theaddresses that are secured (or otherwise maintained on a non-volatiledevice), for example via an extended page table, the hypervisor canselectively expose or enforce security policies relative to the exposed“memory” provided by such a partition based on cues provided by thepartition and its allocated memory.

Furthermore, such encryption and security technologies, enforced by thevirtualization layer supporting the partition, allow for variousadditional features to be employed, such as providing forhypervisor-enforced (and hypervisor-exposed) memory that can be accessedby guest partitions, and which is maintained in an encrypted state in away that is obscured to the operating system of the guest partitionaccessing that memory included in the storage partition. Additionally,because such memory can be persisted as non-volatile, specific portionsof memory can be maintained as “trusted”, and can store referenceversions or trusted versions of applications to be loaded by thatpartition or other guest partitions within the fabric. Such reference,or trusted, applications can be accessed by decryption using a keymaintained by the hypervisor.

Below, and in accordance with the present disclosure, a generaldescription of the virtualization software, and in particular an examplepara-virtualization platform, is disclosed in Part I. Part II discussesa particular allocation of resources of host computing systems topartitions that allow for the memory management and securedmemory/secured application arrangements discussed above to beimplemented. Part III discusses an arrangement in which persistentmemory is provided to a guest partition in the para-virtualizationplatform using a secure storage partition exposed as a memory range tothat guest partition. Part IV discusses various software-defined storageand memory security features with which specific storage and securityimplementations can be accomplished.

In the context of the present disclosure, virtualization softwaregenerally corresponds to software that executes natively on a computingsystem, through which non-native software can be executed by hostingthat software. In such cases, the virtualization software exposes thosenative resources in a way that is recognizable to the non-nativesoftware. By way of reference, non-native software, otherwise referredto herein as “virtualized software” or a “virtualized system”, refers tosoftware not natively executed on a particular hardware system, forexample due to it being written for execution by a different type ofmicroprocessor configured to execute a different native instruction set.In some of the examples discussed herein, the native software set can bethe x86-32, x86-64, or IA64 instruction set from Intel Corporation ofSunnyvale, Calif., while the non-native or virtualized system might becompiled for execution on an OS2200 system from Unisys Corporation ofBlue Bell, Pa. However, it is understood that the principles of thepresent disclosure are not thereby limited; rather, non-native softwaresimply can correspond to software not hosted or executed directly onhardware resources in the absence of a monitor system used to managesuch execution, and to provide an abstraction layer between theapplication or workload to be executed and the underlying hardwareresources.

I. Para-Virtualization System Architecture

Referring to FIG. 1, an example arrangement of a para-virtualizationsystem is shown that can be used in implementing the features mentionedabove. In some embodiments, the architecture discussed herein uses theprinciple of least privilege to run code at the lowest practicalprivilege. To do this, special infrastructure partitions run resourcemanagement and physical I/O device drivers. FIG. 1 illustrates systeminfrastructure partitions on the left and user guest partitions on theright. Host hardware resource management runs as a control applicationin a special control partition. This control application implements aserver for a command channel to accept transactional requests forassignment of resources to partitions. The control application maintainsthe master in-memory database of the hardware resource allocations. Thecontrol application also provides a read only view of individualpartitions to the associated partition monitors.

In FIG. 1, partitioned host (hardware) system (or node), shown as hostcomputing system 10, has lesser privileged memory that is divided intodistinct partitions including special infrastructure partitions such asboot partition 12, idle partition 13, control partition 14, first andsecond I/O partitions 16 and 18, command partition 20, operationspartition 22, and interconnect service partition 24, as well as virtualguest partitions 26 and 28. As illustrated, the partitions 12-28 do notdirectly access the underlying privileged memory and processor registers30 but instead accesses the privileged memory and processor registers 30via a hypervisor system call interface 32 that provides context switchesamongst the partitions 12-28 in a conventional fashion. Unlikeconventional VMMs and hypervisors, however, the resource managementfunctions of the partitioned host computing system 10 of FIG. 1 areimplemented in the special infrastructure partitions 12-22. Furthermore,rather than requiring re-write of portions of the guest operatingsystem, drivers can be provided in the guest operating systemenvironments that can execute system calls. As explained in furtherdetail in U.S. Pat. No. 7,984,104, assigned to Unisys Corporation ofBlue Bell, Pa., these special infrastructure partitions 12-24 controlresource management and physical I/O device drivers that are, in turn,used by operating systems operating as guests in the guest partitions26-28. Of course, many other guest partitions may be implemented in aparticular host computing system 10 partitioned in accordance with thetechniques of the present disclosure.

A boot partition 12 contains the host boot firmware and functions toinitially load the control, I/O and command partitions (elements 14-20).Once launched, the resource management “control” partition 14 includesminimal firmware that tracks resource usage using a tracking applicationreferred to herein as a control or resource management application. Hostresource management decisions are performed in command partition 20 anddistributed decisions amongst partitions in one or more host computingsystems 10 are managed by operations partition 22. I/O to disk drivesand the like is controlled by one or both of I/O partitions 16 and 18 soas to provide both failover and load balancing capabilities. Operatingsystems in the guest partitions 24, 26, and 28 communicate with the I/Opartitions 16 and 18 via memory channels (FIG. 3) established by thecontrol partition 14. The partitions communicate only via the memorychannels. Hardware I/O resources are allocated only to the I/Opartitions 16, 18. In the configuration of FIG. 1, the hypervisor systemcall interface 32 is essentially reduced to context switching andcontainment elements (monitors) for the respective partitions.

The resource manager application of the control partition 14, shown asapplication 40 in FIG. 3, manages a resource database 33 that keepstrack of assignment of resources to partitions and further serves acommand channel 38 to accept transactional requests for assignment ofthe resources to respective partitions. As illustrated in FIG. 2,control partition 14 also includes a partition (lead) monitor 34 that issimilar to a virtual machine monitor (VMM) except that it providesindividual read-only views of the resource database in the controlpartition 14 to associated partition monitors 36 of each partition.Thus, unlike conventional VMMs, each partition has its own monitor 36per vCPU of the partition such that failure of the monitor 36 does notbring down the entire host computing system 10. As will be explainedbelow, the guest operating systems in the respective partitions 26, 28(referred to herein as “guest partitions”) are modified to access theassociated partition monitors 36 that implement together with hypervisorsystem call interface 32 a communications mechanism through which thecontrol, I/O, and any other special infrastructure partitions 14-24 mayinitiate communications with each other and with the respective guestpartitions.

The partition monitors 36 in each partition constrain the guest OS andits applications to the assigned resources. Each monitor 36 implements asystem call interface 32 that is used by the guest OS of its partitionto request usage of allocated resources. The system call interface 32includes protection exceptions that occur when the guest OS attempts touse privileged processor op-codes. Different partitions can usedifferent monitors 36. This allows support of multiple system callinterfaces 32 and for these standards to evolve over time. It alsoallows independent upgrade of monitor components in differentpartitions.

The monitor 36 is preferably aware of processor capabilities so that itmay be optimized to utilize any available processor virtualizationsupport. With appropriate monitor 36 and processor support, a guest OSin a guest partition (e.g., 26, 28) need not be aware of the controlsystem of the invention and need not make any explicit ‘system’ calls tothe monitor 36. In this case, processor virtualization interruptsprovide the necessary and sufficient system call interface 32. However,to optimize performance, explicit calls from a guest OS to a monitorsystem call interface 32 are still desirable.

The monitor 36 also maintains a map of resources allocated to thepartition it monitors and ensures that the guest OS (and applications)in its partition use only the allocated hardware resources. The monitor36 can do this since it is the first code running in the partition atthe processor's most privileged level. The monitor 36 boots thepartition firmware at a decreased privilege. The firmware subsequentlyboots the OS and applications. Normal processor protection mechanismsprevent the firmware, OS, and applications from ever obtaining theprocessor's most privileged protection level.

Unlike a conventional VMM, a monitor 36 has no I/O interfaces. All I/Ois performed by I/O hardware mapped to I/O partitions 16, 18 that usememory channels to communicate with their client partitions. Aresponsibility of a monitor 36 is instead to protect processor providedresources (e.g., processor privileged functions and memory managementunits). The monitor 36 also protects access to I/O hardware primarilythrough protection of memory mapped I/O. The monitor 36 further provideschannel endpoint capabilities which are the basis for I/O capabilitiesbetween guest partitions.

The monitor 34 for the control partition 14 is a “lead” monitor with twospecial roles. It creates and destroys monitors 36, and also providesservices to the created monitors 36 to aid processor context switches.During a processor context switch, monitors 34, 36 save the guestpartition state in the virtual processor structure, save the privilegedstate in virtual processor structure and then invoke the control monitorswitch service. This service loads the privileged state of the targetpartition monitor and switches to the target partition monitor whichthen restores the remainder of the guest partition state.

The most privileged processor level (e.g., x86 ring 0) is retained byhaving the monitors 34, 36 running below the system call interface 32.This is most effective if the processor implements at least threedistinct protection levels: e.g., x86 ring 1, 2, and 3 available to theguest OS and applications. The control partition 14 connects to themonitors 34, 36 at the base (most privileged level) of each partition.The monitor 34 grants itself read only access to the partitiondescriptor in the control partition 14, and the control partition 14 hasread only access to one page of monitor state stored in the resourcedatabase 33.

Those skilled in the art will appreciate that the monitors 34, 36 of theinvention are similar to a classic VMM in that they constrain thepartition to its assigned resources, interrupt handlers provideprotection exceptions that emulate privileged behaviors as necessary,and system call interfaces are implemented for “aware” contained systemcode. However, as explained in further detail below, the monitors 34, 36of the invention are unlike a classic VMM in that the master resourcedatabase 33 is contained in a virtual (control) partition forrecoverability, the resource database 33 implements a simple transactionmechanism, and the virtualized system is constructed from a collectionof cooperating monitors 34, 36 whereby a failure in one monitor 34, 36need not result in failure of all partitions and need not result in thefailure of a multiprocessor/multi-core partition; in particular, anysymmetric multiprocessing system can, due to use of a monitor perexecution core, preserve operation of the partition using remainingexecution cores. Furthermore, failure of a single physical processingunit need not result in failure of all partitions of a system, sincepartitions are affiliated with different processing units.

The monitors 34, 36 of the invention are also different from classicVMMs in that each partition is contained by its assigned monitor(s),partitions with simpler containment requirements can use simpler andthus more reliable (and higher security) monitor implementations, andthe monitor implementations for different partitions may, but need notbe, shared. Also, unlike conventional VMMs, a lead monitor 34 providesaccess by other monitors 36 to the control partition resource database33.

Partitions in the control environment include the available resourcesorganized by host computing system 10. Available computing resources ina host node, also referred to herein as a host computing system aredescribed by way of example in FIGS. 4-5. Generally, a partition is asoftware construct (that may be partially hardware assisted) that allowsa hardware system platform (or hardware partition) to be “partitioned,”or separated, into independent operating environments. The degree ofhardware assist (e.g., physical hardware separation) is platformdependent but by definition is less than 100% (since by definition a100% hardware assist provides hardware partitions). The hardware assistmay be provided by the processor or other platform hardware features.For example, each partition may be associated with a separate processingcore or cores, but may each be associated with a separate portion of thesame system memory, networking resources, or other features. Or,partitions may time-share processing resources, but be associated withseparate memory, networking, and/or peripheral devices. In general fromthe perspective of the control partition 14, a hardware partition isgenerally indistinguishable from a commodity hardware platform withoutpartitioning hardware.

Unused physical processors are assigned to an ‘Idle’ partition 13. Theidle partition 13 is the simplest partition that is assigned processorresources. It contains a virtual processor for each available physicalprocessor, and each virtual processor executes an idle loop thatcontains appropriate processor instructions to minimize processor powerusage. The idle virtual processors may cede time at the next controltime quantum interrupt, and the monitor 36 of the idle partition 13 mayswitch processor context to a virtual processor in a differentpartition. During host bootstrap, the boot processor of the bootpartition 12 boots all of the other processors into the idle partition13.

In some embodiments, multiple control partitions 14 are also possiblefor large host partitions to avoid a single point of failure. Each wouldbe responsible for resources of the appropriate portion of the hostcomputing system 10. Resource service allocations would be partitionedin each portion of the host system 10. This allows clusters to runwithin a host computing system 10 (one cluster node in each zone) andstill survive failure of a control partition 14.

As illustrated in FIGS. 1-3, each page of memory in a controlpartition-enabled host computing system 10 is owned by one of itspartitions. Additionally, each hardware I/O device is mapped to one ofthe designated I/O partitions 16, 18. These I/O partitions 16, 18(typically two for redundancy) run special software that allows the I/Opartitions 16, 18 to run the I/O channel server applications for sharingthe I/O hardware. Alternatively, for I/O partitions executing using aprocessor implementing Intel's VT-d technology, devices can be assigneddirectly to non-I/O partitions. Irrespective of the manner ofassociation, such channel server applications include Virtual Ethernetswitch (provides channel server endpoints for network channels) andvirtual storage switch (provides channel server endpoints for storagechannels). Unused memory and I/O resources are owned by a special‘Available’ pseudo partition (not shown in figures). One such“Available” pseudo partition per node of host computing system 10 ownsall resources available for allocation, and as such is tracked byresource database 33.

In the embodiments discussed herein, control partition 14 concentrateson server input/output requirements. Plug and Play operating systemsfunction with appropriate virtual port/miniport drivers installed asboot time drivers. The hypervisor system call interface 32 may, in someembodiments, include an Extensible Firmware Interface (EFT) to provide amodern maintainable firmware environment that is used as the basis forthe virtual firmware. The firmware provides standard mechanisms toaccess virtual Advanced Configuration and Power Interface (ACPI) tables.These tables allow operating systems to use standard mechanisms todiscover and interact with the virtual hardware.

The boot partition 12 may provide certain Basic Input/Output System(BIOS) compatibility drivers if and when necessary to enable boot ofoperating systems that lack EFI loaders. The boot partition 12 also mayprovide limited support for these operating systems.

Different partitions may use different firmware implementations ordifferent firmware versions. The firmware identified by partition policyis loaded when the partition is activated. During an upgrade of themonitor associated with the control partition, running partitionscontinue to use the loaded firmware, and may switch to a new version asdetermined by the effective partition policy the next time the partitionis reactivated.

As noted above, monitors 36 provide enforcement of isolation from otherpartitions. The monitors 36 run at the most privileged processor level,and each partition has one or more monitors mapped into privilegedaddress space. Each monitor 36 uses protection exceptions as necessaryto monitor software within the virtual partition and to thwart any(inadvertent) attempt to reference resources not assigned to theassociated virtual partition. Each monitor 36 constrains the guest OSand applications in the guest partitions 26, 28, and the lead monitor 34constrains the resource management application in the control partition14 and uses its access and special hypervisor system call interface 32with the resource management application to communicate individualpartition resource lists with the associated partition monitors 36.

According to some embodiments, there are two main categories ofpartitions in the virtualization system of the present disclosure. The‘user’ partitions run guest operating systems for customer applications,and the system infrastructure partitions provide various platforminfrastructure services. For reliability, the virtualization systemarchitecture minimizes any implementation that is not contained within apartition, since a failure in one partition can be contained and neednot impact other partitions.

As will be explained in more detail below, system partition, or servicepartition, types can include:

Boot 12

Idle 13

Control 14

Command 20

Operations 22

I/O 16, 18

Interconnect 24

Each of these types is briefly discussed below.

Boot Partition 12

The boot partition 12 has assigned thereto one virtual CPU(corresponding to a physical processing core or a fractional/timesharedpart thereof), and contains the hardware partition boot firmware. It isused during recovery operations when necessary to boot and reboot thecommand partition 20 and the I/O partitions 16, 18. During bootstrap,the boot partition 12 reserves available memory and constructs thecontrol partition 14 and the initial resource map in resource database33 with all memory assigned either to the boot partition 12, the controlpartition 14, or the ‘available’ partition. The boot partition 12initiates transactions to the resource manager application until it hasalso booted the command partition 20. At this point the controlpartition 14 is attached to the command partition 20 and accepts onlyits command transactions. The boot partition boot processor alsoinitializes all additional processors to run the idle partition 13.

Idle Partition 13

In example embodiments, the idle partition 13 has one virtual CPU foreach physical CPU. These virtual CPUs are used as place holders in thesystem's CPU schedule. If the control partition 14 or partition monitor34 error recovery must remove a CPU/partition from the schedule, it isreplaced with a reference to one of these virtual CPUs. Idle processors‘run’ in the idle partition 13, rather than the control partition 14, toreduce the scope of error recovery should a hardware error occur while ahardware processor is idle. In actuality, the idle partition suspends aprocessor (to reduce power and cooling load) until the next virtualquantum interrupt. In typical scenarios, processors can be idle asignificant fraction of time. The idle time is the current sharedprocessor headroom in the hardware partition.

Control Partition 14

The control partition 14 owns the memory that contains the resourcedatabase 33 that stores the resource allocation maps. This includes the‘fractal’ map for memory, the processor schedule, and mapped I/Ohardware devices. For Peripheral Component Interconnect (PCI) I/Ohardware, this map would allocate individual PCI devices, rather thanrequire I/O partitions 16, 18 to enumerate a PCI bus. Different deviceson the same PCI bus can be assigned to different I/O partitions 16, 18.A resource allocation application in the control partition 14 tracks theresources, applies transactions to the resource database 33, and is alsothe server for the command and control channels. The resource allocationapplication runs in the control partition 14 with a minimal operatingenvironment. All state changes for the resource manager application areperformed as transactions. If a processor error occurs when one of itsvirtual CPUs is active, any partial transactions can be rolled back. Thehypervisor system call interface 32, which is responsible for virtualprocessor context switches and delivery of physical and virtualinterrupts, does not write to the master resource maps managed by theapplication. It constrains itself to memory writes of memory associatedwith individual partitions and read only of the master resource maps inthe resource database 33.

It is noted that, when multiple control partitions 14 are used, anassociated command partition 20 can be provided for each. This allowsthe resource database 33 of a large host to be (literally) partitionedand limits the size of the largest virtual partition in the host whilereducing the impact of failure of a control partition 14. Multiplecontrol partitions 14 are recommended for (very) large host partitions,or anytime a partitioned virtualized system can contain the largestvirtual partition.

Command Partition 20

In example embodiments, the command partition 20 owns the resourceallocation policy for each hardware partition 10. The operatingenvironment is, for example, XP embedded which provides a .NET Frameworkexecution environment. Another possibility is, for example, Windows CEand the .NET Compact Framework.

The command partition 20 maintains a synchronized snapshot of theresource allocation map managed by the resource management application,and all changes to the map are transactions coordinated through thecommand channel 38 (FIG. 3) with the control partition 14. The resourcemanagement application implements the command channel 38 to accepttransactions only from the command partition 20.

It is noted that in a multiple host hardware partition environment, astub command partition 20 in each host 10 could simply run in the EFIenvironment and use an EFI application to pipe a command channel 38 fromthe control partition 14, through a network, to a shared remote commandpartition 20. However, this would have an impact on both reliability andrecovery times, while providing only a modest cost advantage. Multiplecommand partitions 20 configured for failover are also possible,especially when multiple control partitions 14 are present. Restart of acommand partition 20 occurs while other partitions remain operating withcurrent resource assignments.

In accordance with the present disclosure, only a resource service inthe command partition 20 makes requests of the resource managerapplication in the control partition 14. This allows actual allocationsto be controlled by policy. Agents representing the partitions (anddomains, as described below) participate to make the actual policydecisions. The policy service provides a mechanism for autonomousmanagement of the virtual partitions. Standard and custom agentsnegotiate and cooperate on the use of physical computing resources, suchas processor scheduling and memory assignments, in one or more physicalhost partitions. There are two cooperating services. The partitionresource service is an application in the command partition 20 that istightly coupled with the control resource manager application andprovides services to a higher level policy service that runs in theoperations partition 22 (described below) and is tightly coupled with(i.e. implements) a persistent partition configuration database, and isa client of the resource service. The resource service also providesmonitoring services for the presentation tier. The partition resourceobjects are tightly controlled (e.g. administrators can not installresource agents) since the system responsiveness and reliabilitypartially depends on them. A catastrophic failure in one of theseobjects impacts responsiveness while the server is restarted. Recurringcatastrophic failures can prevent changes to the resource allocation.

Operations Partition 22

In some embodiments, the operations partition 22 owns the configurationpolicy for the domains in one or more host computing systems 10. Theoperations partition 22 is also where a data center operations (policy)service runs. As will be explained below, at least one host computingsystem 10 in a given virtual data center will have an operationspartition 22. Not all host computing systems 10 run an operationspartition 22. An operations partition 22 may be provided by multiplehosts in a virtual data center for load balancing and failover. Theoperations partition 22 does not need to run within a given hardwarepartition, and need not run as a virtual partition. The operatingenvironment within the operations partition 22 can be, for example,MICROSOFT WINDOWS XP Professional or Windows Server, or analogousoperating environments. This partition (cluster) can be shared acrossmultiple hardware partitions. The configuration policy objects andASP.NET user interface components run in the operations partition 22.These components can share a virtual partition with the commandpartition 20 to reduce cost for single host deployments.

For availability reasons, customization of partition resource agents isdiscouraged in favor of customization of policy agents. This is becausea failure in a policy agent has less impact than a resource agent to theavailability and responsiveness of the resource mechanisms. The policyagents make requests of the standard resource agents. The standardpolicy agents can also be extended with custom implementations. Insimple single hardware partition installations, the services of theoperations partition 22 can be hosted in the command partition 20.

The partition definition/configuration objects are intended to be apurpose of customization. The partition policy objects are clients ofthe resource objects. The policy service provides configuration servicesfor the presentation tier.

The operations partition user interface components are typicallyintegrated within the operations partition 22. An exemplaryimplementation may use Hypertext Markup Language (HTML) Version 4, CSS,and Jscript. The operations partition user interface is principally aweb interface implemented by an ASP.NET application that interacts withthe policy service. The user interface interacts directly with thePartition Policy Service and indirectly with a partition database of theoperations partition 22.

A .NET smart client may also be provided in the operations partition 22to provide a rich client interface that may interact directly with thepolicy and resource services to present a rich view of current(enterprise) computing resources.

A resource service in the command partition 20 selects appropriateresources and creates a transaction to assign the resources to newpartitions. The transaction is sent to the control partition 14 whichsaves transaction request to un-cached memory as a transaction audit logentry (with before and after images). The transaction is validated andapplied to the resource database 33.

An audit log tracks changes due to transactions since the last time theresource database 33 was backed up (flushed to memory), thereby allowingtransactions to be rolled back without requiring the resource database33 to be frequently flushed to memory. The successful transactionsstored in the audit log since the last resource database 33 backup maybe reapplied from the audit log to restart a failed partition. Aresource also may be recovered that has been reserved by a completedtransaction. A transaction that has not completed has reserved noresource. The audit log may be used by the resource allocation softwareto rollback any partially completed transaction that survived the cache.It should be noted that a transaction that has not completed would haveassigned some but not all resources specified in a transaction to apartition and the rollback would undo that assignment if it survived thecache.

I/O Partitions 16, 18

In the embodiment shown, a plurality of I/O partitions 16, 18 are activeon a host node 10. I/O partitions 16, 18 allow multi-path I/O from theuser partitions 26-28 and allow certain types of failures in an I/Opartition 16, 18 to be recovered transparently. All I/O hardware in hosthardware partitions is mapped to the I/O partitions 16, 18. Thesepartitions are typically allocated a dedicated processor to minimizelatency and allow interrupt affinity with limited overhead to pendinterrupts that could occur when the I/O partition 16, 18 is not thecurrent context. The configuration for the I/O partitions 16, 18determines whether the storage, network, and console components sharevirtual partitions or run in separate virtual partitions.

In example embodiments, the I/O partitions 16, 18 can include differentpartitions that implement different types of I/O operations. In anexample embodiment, a file and storage manager service executes in adedicated type of I/O partition.

Interconnect Service Partition 24

The interconnect service partition 24 coordinates inter-partitioncommunication in conjunction with the control partition 14 and thecommand partition 20. Generally, and as discussed in further detailbelow, the interconnect service partition 24 defines and enforcespolicies relating to intercommunication of partitions defined in thecommand partition, and publishes an application programming interface(API) that acts as a command-based interconnect that provides thevarious guest partitions and I/O partitions 16, 18 intercommunicationcapabilities.

In some embodiments, the interconnect service partition 24 defines oneor more security policies for each of the partitions included on allplatforms, including the platform on which it resides. The interconnectservice partition 24 implements permissions defined in such securitypolicies to ensure that partitions intercommunicate only with thoseother partitions to which they are allowed to communicate. To that end,and as discussed in further detail below, the interconnect servicepartition 24 can define one or more security zones, each of whichdefining a “virtual fabric” of platforms capable of intercommunication.As such, each security zone represents a virtual network ofinterconnected partitions. Each virtual network defined by theinterconnect service partition 24 can be configured such that partitionswithin the virtual fabric can intercommunicate, but partitions notincluded within that virtual fabric are incapable of communicating withmember partitions (e.g., unless both of those partitions are part of adifferent virtual fabric). By defining a plurality of virtual fabricswithin each system, partitions are by default untrusted, or closed,rather than trusted, or open. That is, in the absence of defined virtualfabrics, the partitions are assumed able to intercommunicate. However,with defined virtual fabrics, only those partitions defined as part of acommon virtual fabric will intercommunicate, with partitions otherwise,by default, unable to communicate.

In addition, the interconnect service partition 24 defines one or morerights assignable to each virtual fabric by way of the security policy,thereby allowing each virtual fabric to have assigned a variety of typesof rights or services to each partition or virtual fabric. As furtherdiscussed below, virtual fabrics including one or more guest partitions26, 28 can be constructed in which a particular quality of service(e.g., reliability, uptime, or dedicated levels of processing and/ormemory and/or bandwidth resources) is associated with a particularvirtual fabric. To ensure such service uptime, one or more different orredundant partitions can be dynamically added to or subtracted from thevirtual fabric.

User Partitions 26-28

The user partitions 26, 28 host the workloads that form the purpose ofthe virtualization system, and are described in normal domains for auser. These partitions are also sometimes referred to as “guest”partitions, in that they are visible to guests or users of thevirtualization system, and as such are the partitions that a userprimarily interacts with. All of the other partition types are describedin the system domains and are generally kept out of view of typicalusers.

System Startup

When the host computing system 10 is booted, the EFI firmware is loadedfirst. The EFI firmware boots the operating system associated with thecontrol partition 14. The EFI firmware uses a standard mechanism to pickthe boot target. Assuming the loader is configured and selected, bootproceeds as follows.

The loader allocates almost all of available memory to prevent its useby the firmware. (It leaves a small pool to allow proper operation ofthe firmware.) The loader then creates the resource database's memorydata structures in the allocated memory (which includes a boot commandchannel predefined in these initial data structures). The loader thenuses the EFI executable image loader to load the control monitor 34 andmonitoring application into the control partition 14. The loader alsojacks the boot monitor underneath the boot partition 12 at some pointbefore the boot loader is finished.

The loader then creates transactions to create the I/O partition 16 andcommand partition 20. These special boot partitions are loaded fromspecial replicas of the master partition definitions. The commandpartition 20 updates these replicas as necessary. The boot loader loadsthe monitor, and firmware into the new partitions. At this point, theboot loader transfers boot path hardware ownership from the bootfirmware to the I/O partition 16. The I/O partition 16 begins runningand is ready to process I/O requests.

The loader creates transactions to create a storage channel from thecommand partition 20 to an I/O partition 16, and a command channel 38from the command partition 20 to the control partition 14. At this pointthe boot loader sends a final command to the control partition 14 torelinquish the command channel 38 and pass control to the commandpartition 20. The command partition 20 begins running and is ready toinitialize the resource service.

The command partition operating environment is loaded from the bootvolume through the boot storage channel path. The operating environmentloads the command partition's resource service application. The resourceservice takes ownership of the command channel 38 and obtains a snapshotof the resources from the control partition's resource database 33.

A fragment of the policy service is also running in the commandpartition 20. This fragment contains a replica of the infrastructurepartitions assigned to this host. The policy service connects to theresource service and requests that the ‘boot’ partitions are startedfirst. The resource service identifies the already running partitions.By this time, the virtual boot partition 12 is isolated and no longerrunning at the most privileged processor level. The virtual bootpartition 12 can now connect to the I/O partition 16 as preparation toreboot the command partition 20. If all I/O partitions should fail, thevirtual boot partition 12 also can connect to the control partition 14and re-obtain the boot storage hardware. This is used to reboot thefirst I/O partition 16.

The boot partition 12 remains running to reboot the I/O and commandpartitions 16, 20 should they fail during operation. The controlpartition 14 implements watchdog timers to detect failures in these (aswell as any other) partitions. The policy service then activates otherinfrastructure partitions as dictated by the current policy. This wouldtypically start the redundant I/O partition 18.

If the present host computing system 10 is a host of an operationspartition 22, operations partition 22 is also started at this time. Thecommand partition 20 then listens for requests from the distributedoperations partitions. As will be explained below, the operationspartition 22 connects to command partitions 20 in this and other hoststhrough a network channel and network zone. In a simple single hostimplementation, an internal network can be used for this connection. Atthis point, the distributed operations partitions 22 start the remainingpartitions as the current policy dictates.

All available (not allocated) memory resources are owned by the special‘available’ partition. In the example of FIGS. 1 and 2, the availablepartition is size is zero and thus is not visible.

Referring to FIG. 3, virtual channels are the mechanism partitions usein accordance with the invention to connect to zones and to providefast, safe, recoverable communications amongst the partitions. Forexample, virtual channels provide a mechanism for general I/O andspecial purpose client/server data communication between guestpartitions 26, 28 and the I/O partitions 16, 18 in the same host. Eachvirtual channel provides a command and I/O queue (e.g., a page of sharedmemory) between two partitions. The memory for a channel is allocatedand ‘owned’ by the guest partition 26, 28. These queues are discussed infurther detail below in connection with the interconnect ApplicationProgramming Interface (API) as illustrated in FIGS. 6-9. The controlpartition 14 maps the channel portion of client memory into the virtualmemory space of the attached server partition. The control applicationtracks channels with active servers to protect memory during teardown ofthe owner guest partition until after the server partition isdisconnected from each channel. Virtual channels can be used forcommand, control, and boot mechanisms as well as for traditional networkand storage I/O.

As shown in FIG. 3, the control partition 14 has a channel server 40that communicates with a channel client 42 of the command partition 20to create the command channel 38. The I/O partitions 16, 18 also includechannel servers 44 for each of the virtual devices accessible by channelclients 46, such as in the operations partition 22, interconnect servicepartition 24, and one or all guest partitions 26, 28. Within each guestvirtual partition 26, 28, a channel bus driver enumerates the virtualdevices, where each virtual device is a client of a virtual channel. Thedotted lines in I/O partition 16 represent the interconnects of memorychannels from the command partition 20 and operations partitions 22 tothe virtual Ethernet switch in the I/O partition 16 that may alsoprovide a physical connection to the appropriate network zone. Thedotted lines in I/O partition 18 represent the interconnections to avirtual storage switch. Redundant connections to the virtual Ethernetswitch and virtual storage switches are not shown in FIG. 3. A dottedline in the control partition 14 from the command channel server 40 tothe transactional resource database 33 shows the command channelconnection to the transactional resource database 33.

A firmware channel bus (not shown) enumerates virtual boot devices. Aseparate bus driver tailored to the operating system enumerates theseboot devices as well as runtime only devices. Except for I/O virtualpartitions 16, 18, no PCI bus is present in the virtual partitions. Thisreduces complexity and increases the reliability of all other virtualpartitions.

Virtual device drivers manage each virtual device. Virtual firmwareimplementations are provided for the boot devices, and operating systemdrivers are provided for runtime devices. The device drivers convertdevice requests into channel commands appropriate for the virtual devicetype.

Additional details regarding possible implementation details of apartitioned, para-virtualization system, including discussion ofmultiple are discussed in U.S. Pat. No. 7,984,104, assigned to UnisysCorporation of Blue Bell, Pa., the disclosure of which is herebyincorporated by reference in its entirety. Other example partitioningmechanisms, and additional details regarding partitioning within such acomputing arrangement, are described in U.S. Provisional PatentApplication No. 61/827,775, filed on May 28, 2013, as well as copendingU.S. patent application Ser. No. 14/133,803 (Attorney Docket No. TN587A)and Ser. No. 14/133,808, (Attorney Docket No. TN587B), the disclosuresof each of which are hereby incorporated by reference in theirentireties.

II. Computing Systems Implementing Secure and Persistent Partitions

Referring now to FIGS. 4-5, example arrangements of computing resourcesare illustrated for establishing a para-virtualization system across aplurality of host computing systems, such as host computing system s 10of FIGS. 1-3, are shown. In particular, FIGS. 4-5 illustrate examplecomputing resources in which the para-virtualization systems includingpartitions having hypervisor-enforced persistence and security describedherein can be implemented.

As illustrated in FIG. 4, a system 100 in which the para-virtualizationsystems of the present disclosure can be implemented is shown. Thesystem 100 is, in the embodiment shown, distributed across one or morelocations 102, shown as locations 102 a-c. These can correspond tolocations remote from each other, such as a data center owned orcontrolled by an organization, a third-party managed computing clusterused in a “cloud” computing arrangement, or other local or remotecomputing resources residing within a trusted grouping. In theembodiment shown, the locations 102 a-c each includes one or more hostsystems 104. The host systems 104 represent host computing systems, andcan take any of a number of forms. For example, the host systems 104 canbe server computing systems having one or more processing cores andmemory subsystems and are useable for large-scale computing tasks. Inone example embodiment, a host system 104 can be as illustrated in FIG.5.

As illustrated in FIG. 4, a location 102 within the system 100 can beorganized in a variety of ways. In the embodiment shown, a firstlocation 102 a includes network routing equipment 106, which routescommunication traffic among the various hosts 104, for example in aswitched network configuration. Second location 102 b illustrates apeer-to-peer arrangement of host systems. Third location 102 cillustrates a ring arrangement in which messages and/or data can bepassed among the host computing systems themselves, which provide therouting of messages. Other types of networked arrangements could be usedas well.

In various embodiments, at each location 102, the host systems 104 areinterconnected by a high-speed, high-bandwidth interconnect, therebyminimizing latency due to data transfers between host systems. In anexample embodiment, the interconnect can be provided by an Infinibandswitched fabric communications link; in alternative embodiments, othertypes of interconnect technologies, such as Fibre Channel, PCI Express,Serial ATA, or other interconnect could be used as well.

Among the locations 102 a-c, a variety of communication technologies canalso be used to provide communicative connections of host systems 104 atdifferent locations. For example, a packet-switched networkingarrangement, such as via the Internet 108, could be used. Preferably,the interconnections among locations 102 a-c are provided on ahigh-bandwidth connection, such as a fiber optic communicationconnection.

In the embodiment shown, the various host system 104 at locations 102a-c can be accessed by a client computing system 110. The clientcomputing system can be any of a variety of desktop or mobile computingsystems, such as a desktop, laptop, tablet, smartphone, or other type ofuser computing system. In alternative embodiments, the client computingsystem 110 can correspond to a server not forming a cooperative part ofthe para-virtualization system described herein, but rather whichaccesses data hosted on such a system. It is of course noted thatvarious virtualized partitions within a para-virtualization system couldalso host applications accessible to a user and correspond to clientsystems as well, for example management services applications that areprovided by a fabric service manager application.

It is noted that, in various embodiments, different arrangements of hostsystems 104 within the overall system 100 can be used; for example,different host systems 104 may have different numbers or types ofprocessing cores, and different capacity and type of memory and/orcaching subsystems could be implemented in different ones of the hostsystem 104. Furthermore, one or more different types of communicativeinterconnect technologies might be used in the different locations 102a-c, or within a particular location.

Referring to FIG. 5, an example block diagram of a host computing system200 useable to implement the para-virtualization systems of FIGS. 1-3,is shown. The host computing system 200 can, in some embodiments,represent an example of a host system 104 of FIG. 4, useable within thesystem 100. The host computing system 200 includes one or moreprocessing subsystems 202, communicatively connected to a system memory204. Each processing subsystem 202 can include one or more processingcores 206, shown as processing cores 206 a-n. Each processing core can,in various embodiments, include one or more physical or logicalprocessing units capable of executing computer-readable instructions. Inexample embodiments, the processing cores 206 a-n can be implementedusing any of a variety of x86 instruction sets, such as x86, x86-64, orIA64 instruction set architectures. In alternative embodiments, otherinstruction set architectures, such as ARM, MIPS, Power, SPARC, or othertypes of computing set architectures could be used.

In addition, each of the processing subsystems 202 can include one ormore card-based processing subsystems including a plurality of socketsfor supporting execution cores 206 a-n, or alternatively can support asocket-based or mounted arrangement in which one or more execution coresare included on a single die to be mounted within the host computingsystem 200. Furthermore, in the embodiment shown, a plurality ofprocessing subsystems 202 can be included in the host computing system,thereby providing a system in which one or more cores could be allocatedto different partitions hosted by the same computing hardware; inalternative embodiments, a single processing subsystem including one ormore processing cores 206 a-n could be included in the host computingsystem 200, and that processing subsystem 202 could be implementedwithout separation from system memory 204 by a card-basedimplementation.

As illustrated, the system memory 204 is communicatively interconnectedto the one or more processing subsystems 202 by way of a system bus 205.The system bus is largely dependent upon the architecture and memoryspeed support of the processing subsystems with which it is implemented;although example systems provide different frequencies and throughputsof such system buses, in general the bus system between processingsubsystems 202 and the system memory is a low-latency, high bandwidthconnection useable to rapidly retrieve data from the system memory 204.System memory 204 includes one or more computer storage media capable ofstoring data and/or instructions in a manner that provides for quickretrieval of such data and/or instructions by a corresponding processingcore 206. In different embodiments, the system memory 204 is implementedin different ways. For example, the memory 204 can be implemented usingvarious types of computer storage media.

In the embodiment shown, system memory 204 can be allocated to one ormore partitions using the software described herein. In the exampleillustration shown, sub-sections of the system memory 204 can beallocated to a control partition section 210 and one or more memorypartitions 212. The control partition section 210 includes a monitor211, which in some embodiments can represent monitor 34. The controlpartition section 210 can also include a resource database 214 thattracks resources allocated to other partitions within the host computingsystem 200. This can include, for example, a listing of execution cores206, capacity and location of system memory 204, as well as I/O devicesor other types of devices associated with each partition. In exampleembodiments, the resource database 214 can correspond to database 33 ofFIGS. 1-3.

In the embodiment shown, the system memory 204 includes memorypartitions 212 which each are associated with different partitionsformed within a host computing system 200. The memory partitions 212can, in the embodiment shown, each include a monitor 216, an associatedoperating system 218, and one or more applications or workloads 220 tobe executed within the partition. Since each memory partition 212 can beassociated with one or more execution cores 206 in the resource database214, the assigned execution cores can be used to access and execute themonitor software 216 as well as the operating system 218 and workloads220.

It is noted that in some embodiments, the partition 212 may includemultiple instances of the monitor software 216. This may be the case,for example, for partitions that have allocated thereto more than oneexecution core. For such cases, monitor software 216 may be allocatedfor and used with each execution core. Therefore, there may be more thanone such monitor executing per partition, with each monitor handlingvarious I/O, memory, or interrupt servicing tasks that may be issuedwith respect to that particular execution core. Each monitor supervisesexecution of software within a partition as allocated to a particularexecution n core; accordingly, if a single partition has multipleexecution cores, the operating system 218 may allocate execution ofoperating system tasks, or the workload(s) 220, to one or both of theexecution cores. The host computing device includes an I/O subsystem 222that includes one or more input devices 224, output devices 226, andstorage devices 228. The input devices 224 can include, for example, akeyboard, a mouse, a pen, a sound input device, a touch input device,etc. Output device(s) 226 can include, for example, a display, speakers,a printer, etc. The aforementioned devices are examples and others maybe used. Storage devices 228 store data and software instructions notdirectly accessible by the processing subsystems 202. In other words,the processing subsystems 202 perform an I/O operation to retrieve dataand/or software instructions from the storage device 228. In variousembodiments, the secondary storage device 228 includes various types ofcomputer storage media. For example, the secondary storage device 228can include one or more magnetic disks, magnetic tape drives, opticaldiscs, solid state memory devices, and/or other types of computerstorage media.

In some specific embodiments discussed herein, one or more secondarystorage devices 228 can be embodied as non-volatile storage devices,such as a non-volatile (e.g., flash) mass storage device, or a set ofredundant devices. In some implementations, such non-volatile storagedevices can be instantiated within the overall system 200 asnon-volatile DIMMs, operating as main memory storage devices rather thanI/O devices. Details regarding usage of such devices are provided below.

The I/O subsystem 222 further includes one or more communicationconnections 230. The communication connections 230 enable the computingdevice 1000 to send data to and receive data from a network of one ormore such devices. In different embodiments, the communicationconnections can be implemented in different ways. For example, thecommunications connections can include a network interface cardimplementing an Ethernet interface, a token-ring network interface, afiber optic network interface, a wireless network interface (e.g.,Wi-Fi, WiMax, etc.), or another type of network interface. Thecommunication connections 232 can also include an inter-systemcommunication connection for direct data communication between computingsystems, such as a Infiniband switched fabric communications link, or aFibre Channel, PCI Express, Serial ATA, or other type of direct datacommunication link.

It is noted that, in some embodiments of the present disclosure, otherarrangements of a partition may be included as well, providing variousallocations of execution cores 206, system memory 204, and I/O devices224, 226 within the I/O subsystem 222. For example, a partition mayinclude zero or more execution cores 206; in the event that no processoris included with the partition, the partition may lack a monitor 216,and may instead of having an executable operating system 218 may insteadinclude a library of commands accessible to one or more servicespartitions, for example useable to provide I/O or memory services tothose other service partitions. Furthermore, a particular partitioncould be allocated access to a storage device 228 or communicationconnections 230.

It is noted that in the present embodiment an interconnect servicepartition 250 and a trusted code section 260 maintained in the systemmemory 204. The interconnect service partition 250 maintains a monitor251 providing virtualization services. The interconnect servicepartition 250 and trusted code section 260, described in further detailbelow in connection with FIGS. 6-17, manage exposure of computingresources across partitions, such as by exposing a memory rangeallocated to one partition to other partitions as a persistent memoryaccessible by those other partitions. Such partitioned, special-purposememory can also be managed by the interconnect service partition 250,monitor(s) 251, and trusted code section 260 to supervise transactionsin that memory range, and optionally to act on data (e.g., byencrypting/decrypting, verifying identity, or other operations) toprovide increased security and reliability of the system overall.

It is noted that, in typical hypervisor arrangements, failures occurringin one execution core allocated to the partition result in failure ofthe partition overall, since the failure results in failure of themonitor associated with the partition. In connection with the presentdisclosure, partitions including multiple monitors can potentiallyrecover from such failures by restarting the execution core andassociated monitor using the remaining, correctly-executing monitor andexecution core. Accordingly, the partition need not fail.

As used in this document, a computer storage medium is a device orarticle of manufacture that stores data and/or computer-executableinstructions. Computer storage media may include volatile andnonvolatile, removable and non-removable devices or articles ofmanufacture implemented in any method or technology for storage ofinformation, such as computer readable instructions, data structures,program modules, or other data. By way of example, and not limitation,computer storage media may include dynamic random access memory (DRAM),double data rate synchronous dynamic random access memory (DDR SDRAM),reduced latency DRAM, DDR2 SDRAM, DDR3 SDRAM, DDR4 SDRAM, solid statememory, read-only memory (ROM), electrically-erasable programmable ROM,optical discs (e.g., CD-ROMs, DVDs, etc.), magnetic disks (e.g., harddisks, floppy disks, etc.), magnetic tapes, and other types of devicesand/or articles of manufacture that store data. Computer storage mediagenerally includes at least some tangible, non-transitory media and can,in some embodiments, exclude transitory wired or wireless signals.Communication media may be embodied by computer readable instructions,data structures, program modules, or other data in a modulated datasignal, such as a carrier wave or other transport mechanism, andincludes any information delivery media. The term “modulated datasignal” may describe a signal that has one or more characteristics setor changed in such a manner as to encode information in the signal. Byway of example, and not limitation, communication media may includewired media such as a wired network or direct-wired connection, andwireless media such as Wi-Fi, acoustic, radio frequency (RF), infrared,and other wireless media. In accordance with the present disclosure, theterm computer readable media as used herein may include computer storagemedia, but generally excludes entirely transitory embodiments ofcommunication media, such as modulated data signals.

Furthermore, embodiments of the present disclosure may be practiced inan electrical circuit comprising discrete electronic elements, packagedor integrated electronic chips containing logic gates, a circuitutilizing a microprocessor, or on a single chip containing electronicelements or microprocessors. For example, embodiments of the inventionmay be practiced via a system-on-a-chip (SOC) where each or many of thecomponents illustrated in FIGS. 4-5 may be integrated onto a singleintegrated circuit. Such an SOC device may include one or moreprocessing units, graphics units, communications units, systemvirtualization units and various application functionality all of whichare integrated (or “burned”) onto the chip substrate as a singleintegrated circuit. Embodiments of the invention may also be practicedusing other technologies capable of performing logical operations suchas, for example, AND, OR, and NOT, including but not limited tomechanical, optical, fluidic, and quantum technologies. In addition,embodiments of the invention may be practiced within a general purposecomputer or in any other circuits or systems.

Although particular features are discussed herein as included within ahost computing system 200, it is recognized that in certain embodimentsnot all such components or features may be included within a computingdevice executing according to the methods and systems of the presentdisclosure. Furthermore, different types of hardware and/or softwaresystems could be incorporated into such an electronic computing device.

III. Allocation of Host Resources to Guest Partitions

Referring now to FIG. 6, details regarding implementation of aparticular arrangement of partitions are provided which representpossible arrangements in which aspects of the present disclosure can beimplemented. In particular, FIG. 6 illustrates an example system 250 inwhich various partitions can be allocated resources from one or morehost computing systems, based on which a hypervisor (including monitorsand a trusted code base, as well as optional service partitions, asdiscussed further below).

In the embodiment shown, a plurality of partitions are hosted on ahardware layer 270. The hardware layer 270 generally represents thephysical components of the computing fabric, including a plurality ofprocessor(s) 206, memory 204, and I/O devices 224, 226. The hardwarelayer 270 can be implemented in any manner suitable for use within adistributed multi-partition system, for example in the same or differenthost systems. Any such host system as described above in connection withFIGS. 4-5 would be suitable, in connection with the present disclosure.

As noted above, such features can be included in a single host computingsystem, but in typical embodiments will be included among a plurality ofcommunicatively connected host computing systems.

In the embodiment shown, the plurality of partitions includes aninterconnect service partition 262, a guest partition 264, as well as apersistent partition 266, and an encrypted memory partition 268. Ofcourse, other partitions, such as other guest partitions or servicepartitions, could be included as well; the present set of partitionsillustrated are for purposes of illustration only. It is noted thatother partitions or partition types can and typically will be executingon the hardware layer as well, for example as discussed above inconnection with FIGS. 1-3 (e.g., the boot partition, idle partition, andother service partitions discussed therein).

As noted above, each of the partitions is hosted by a monitor 251, whichexposes to that partition the resources of the computing fabric, andintervenes on behalf of the partition in interacting with the computingfabric. This includes, for example, allocating, to each of thepartitions, one or more types of computing resources. In typical cases(and therefore not shown) a set of computing resources may be allocatedto partitions including a processor 206, a dedicated portion of memory204, and optionally an interface to one or more I/O devices. A trustedcode base 260 coordinates with monitor 251 to implement a hypervisorlayer between the partitions 262, 264, 266, 268 and the hardware layer270. The trusted code base 260 can be used to perform low-level,privileged operations, and can be granted access at a very highprivilege level (i.e., maximizing its right to view/modify systemmemory).

For purposes of illustration here, two special purpose guest partitions,the persistent partition 266 and encrypted memory partition 268, areshown. These special purpose guest partitions are designated as such,for purposes of explanation in the present disclosure, based on theresources which are allocated to those partitions.

In the example embodiment presented here, the persistent partition 266includes one or more storage devices, such as non-volatile memory or I/Odevices, which are allocated to that partition. The persistent partition266 can also include, for example, an operating system 265 (e.g., aWindows, Linux, or Just Enough OS based operating system) to load itselfinto memory from a read only disk image. However, the persistentpartition 266 executes entirely from non-volatile memory, such asnon-volatile storage devices 228. Those storage devices are exposed tothat partition by nVME layer 275. Optionally, the nVME layer 275, andtherefore persistent memory, are exposed to the partition 266, and toother partitions (e.g., guest partition 264 or other persistentpartitions 266). Additionally, the persistent partition 266 can begenerated via an accessible API 261 that is provided by the hypervisor,for example at the trusted code base 260, and which can be called by aremote partition to instantiate a trusted process within an isolated,persistent partition.

The memory address range associated with the non-volatile memory of thepersistent partition can be managed in an extended page table by theGuest OS 265 associated with that persistent partition 266. Thepersistent partition 266 will be exposed to a range of memory addresses,via the nVME layer 275, that translate to storage locations on thenon-volatile storage devices 228. This can be achieved, for example byproviding a device within the persistent partition 266 that exposes arange of addresses that can be mapped into the persistent partition 266and managed via an I/O virtual machine (IOVM) 276. The IOVM 276 isimplemented as part of the interconnect services partition 262 andmanages communication with the non-volatile storage devices 228allocated to the persistent partition via a file and storage manager(FSM) partition 277. The FSM partition 277 corresponds to a specifictype of I/O service partition managed by the interconnect servicespartition 262. When addresses within the allocated range are accessed,the device will treat what appears to the persistent partition 266 asmemory operations into vNVMe requests based on the memory address rangeas mapped to the non-volatile storage devices 228 (e.g., SSDs), andthose vNMe requests are routed to the I/O virtual machine 276 and theFSM 277 for accessing the non-volatile storage devices 228. In exampleembodiments, the device can either be a standard device driver, or canhook into the DMA-mapping routines of the kernel of the Guest OS 265associated with the persistent partition 266.

In the embodiment shown, the persistent partition 266 also includes aROM 269 from which one or more applications are loaded. Accordingly,applications executing in the persistent partition 266 are persistent,since they are loaded from ROM 269 into non-volatile memory. Failure ofthe persistent partition 266, therefore, will not cause loss of datastored in that partition, which would otherwise be lost when volatilememory associate with a partition is deallocated when the partitionfails.

In example embodiments, the non-volatile memory associated with thepersistent partition 266 can take the form of solid state storagedevices (SSDs), or alternatively non-volatile dual in-line memorymodules (NVM DIMMs).

In addition to trusted execution by the persistent partition 266 alone,access to such non-volatile memory can be provided to other guestpartitions, including other persistent partitions. In suchcircumstances, a guest partition 264 can execute various software (e.g.,BIOS 263, Guest Operating System 265, and applications hosted thereon).As further discussed below, because such storage devices arenon-volatile, another partition, such a guest partition, if it isexposed to the storage partition 266 via an API, can either (1) storedata at the memory address range allocated to the storage partitionbased on such execution, or (2) load software or data directly into thatmemory address range. Accordingly, if guest partitions accessingnon-volatile memory via the persistent partition 266 would fail for somereason, that storage may remain in operation, which may allow the guestpartition to be re-instantiated and continue execution with limitedinterruption. Furthermore, because the address range of the persistentpartition 266 can be exposed to multiple guest partitions, those otherpartitions can access a common, redundant non-volatile memory partitionto multiple different guest partitions, even across different computingplatforms. Furthermore, such persistent partitions 266 can be mirroredreadily across host platforms, thereby providing for redundancy across acomputing fabric if so desired. Additional details regarding usage of apersistent partition are provided below in connection with FIGS. 7-10.

Additionally in the embodiment shown, an encrypted memory partition 268can be allocated various memory or storage devices, such as thenon-volatile storage devices included in the persistent partition 266,or other types of memory. In the embodiment shown, the encrypted memorypartition 268 is simply allocated a particular memory address range inmemory, shown as memory 204 a-b. The memory 204 a-b can be, as shown,implemented as an NVDIMM 204 a or a solid state storage device (SSD) 204b. The encrypted memory partition 268 generally corresponds to a guestpartition having allocated a particular memory address range for whichencryption can be enforced by the hypervisor, for example via themonitor 251 and trusted code base 260. Such encryption or decryptionoperations can be performed, for example, based on an address of amemory request received by an extended page table handler 295 managed bythe operating system 265 of that encrypted memory partition 268. Forexample, the extended page table handler 295 may trigger an interrupt orfault that is handled by the monitor 251 and trusted code base 260 byperforming an encryption or decryption operation for reads/writes tothose memory addresses for which that trigger occurs. Based on suchevents, memory can remain encrypted by a mechanism not required to beexposed to software within the partition 268 itself but which managesencryption and decryption when moving data between memory and aprocessor cache of a processor allocated to the encrypted memorypartition 268.

In example embodiments, the encrypted memory partition 268 can bevalidated and have contents verified during the encryption/decryptionprocess by comparing a hash of memory contents to contents of a memoryhash map (MHM) 290 that is managed by the hypervisor. As illustrated,the MHM is managed in a common trusted code base 260; however, in otherembodiments, each monitor 251 can manage a memory hash map for thecorresponding partition hosted by that monitor.

In some embodiments, the monitor 251 of the encrypted memory partition268 can expose an API accessible to other partitions or to applicationsexecuting within that partition, shown as security API 285. As with theMHM 290, the security API can be hosted by the hypervisor, for exampleby either monitor 251 or trusted code base 260. Details regardingoperation and usage of such an API are discussed in further detail belowin connection with FIGS. 12-17. Using such an API and encrypted memoryoperations, the encrypted memory partition 268 can implement secureapplications and a runtime measured execution environment in whichcorrectness of memory is monitored, both within the partition and forRDMA-based transfers of data among partitions and host computingsystems. Additional details and advantages of such an arrangement arealso provided below.

IV. Persistent Partition Setup and Operation

Referring now to FIGS. 7-10, further details regarding an exampleembodiment of a persistent partition are provided. In the embodimentsdiscussed herein, a classic file system is not used for data storage,but rather all data is simply maintained in memory (i.e., not written todisk via I/O). By using large, non-volatile memories (e.g., SSDs or NVMDIMMs), such memory can be persisted within a trusted environment.Accordingly, secure partitions for existing operating systems can becreated, for example useable to execute applications that run on JeOS,such as databases or webservers.

In general, a persistent guest 266 can be created and used just like anyother guest partition, or it can be created and started via API fromanother guest partition (e.g., guest partition 264). The non-volatilememory associated with a persistent guest 266 can be implemented in twosteps, for example by (1) setting up the access to non-volatile memorydevices, and (2) mapping memory addresses to them.

FIG. 7 illustrates an example arrangement 300 in which I/O transactionsare managed via a non-volatile memory controller implemented and managedusing the para-virtualization systems described herein, according to anexample embodiment of the present disclosure. The arrangement 300 asillustrated represents an implementation of an IOVM, such as IOVM 276 ofFIG. 6, above. In general, the arrangement includes an NVMe controller302 in communication with one or more guest interfaces 310, shown as theplurality of guest interfaces 310 a-d, as well as a controller 304. Inthe embodiment shown, the controller includes a submission queue 306 anda completion queue 308, and each of the guest interfaces 310 a-cincludes a corresponding I/O submission queue 312 a-c and I/O completionqueen 312 a-c, respectively. Accordingly, the persistent partition 266can communicate with the allocated non-volatile memory (e.g., SSDs orNVM DIMMs) using nVME layer 275 via IOVM 276.

FIG. 8 illustrates an example arrangement 400 in which I/O transactionsare managed via a non-volatile memory controller implemented and managedusing the para-virtualization systems described herein. The arrangementcan be implemented within the persistent partition 266, for example aspart of an NVMe layer 275 implemented within a persistent partition.

In this arrangement, the IOVM 276 includes a virtual NVMe (vNVMe) layer402 that is interfaced to a controller 404, as well as a plurality ofcores 410 a-c. The controller 404 has a submission queue 406 and acompletion queue 408, and cores 410 a-c correspondingly have I/Osubmission queues 412 a-c and I/O completion queues 414 a-c,respectively. These submission and completion queues represent storageoperations that would otherwise be routed to an I/O device for massstorage, but instead are routed directly to non-volatile memory via thevirtual NVMe layer 402 (and to FSM 277). The vNVMe layer 402 then routessuch submission and completion messages to either a local IOVM 300 (asdiscussed above in connection with FIG. 7) and FSM 277, or a remote IOVM300′ via an RDMA-based data transfer.

It is noted that, to the extent a fabric contains a plurality ofpersistent partitions 266, only one such partition need implement thevNVMe layer 402, with other partitions granted access to that layer foraccess to non-volatile memory. Accordingly, secure applications canreadily be mirrored across different persistent partitions, either onthe same host computing system, or (via RDMA) across different hostcomputing systems within the fabric.

Referring now to FIG. 9 an example hierarchy 500 is shown, includingpersistent partition and services supporting that partition manageableacross a computing fabric. The persistent partition 266 is implementedon a vNVMe layer 402, which communicates, via an IOVM, to the FSM 277.The FSM can then communicate directly with a local non-volatile memory(e.g., SSDs 502) or route data requests remotely to a remote FSM 504 viaRDMA transfer as well.

Referring to FIGS. 6-9 generally, it is noted that use of the FSM 277allows for mapping of an I/O device, such as an SSD, into memory of thepersistent partition, which allows the persistent partition to persistits state. Persisted state allows the partition to be moved across thefabric either (1) by copying memory from one platform to another, or (2)by sharing the FSM 277 via the interconnect service partition 262.Additionally, such persistent guests can readily be moved or couldfailover to other platforms, or distributed to allow multiple persistentguests to access a common set of non-volatile memory devices for addedprocessing capabilities.

Referring generally to FIGS. 6-9, it is noted that although thepersistent partition can be started and operated in an analogous mannerto a guest partition, such a persistent partition can also can becreated using an API 285 exposed to a developer, for example hosted by amanagement system (not shown) or within a trusted code base 260. In thiscase, an SDK could be used that would allow a developer to createisolated processes that execute within a persistent partition inaddition to standard processes and threads APIs provided by regularguest partitions. Security API 285 also provides a secure method tocommunicate between the Isolated Process and the caller via securechannel. Additional details regarding the security API are discussedbelow.

FIG. 10 illustrates a flowchart of a method 600 for managing persistentguest memory via a storage partition, according to an example embodimentof the present disclosure. The method 600 can be performed, for example,within a computing fabric such as is disclosed herein, and in which apersistent guest is established using non-volatile memory in place ofdisk storage.

In the embodiment shown, the method includes allocating a persistentpartition (step 602) in a computing fabric. The allocation of thepersistent partition includes allocating to that partition one or morenon-volatile memory devices, such as SSDs or NVM DIMMs, as well as oneor more processors capable of executing application code and optionallya read-only memory from which an operating system and one or moretrusted applications can be loaded. This allocation can be made andenforced, for example, by a hypervisor, such as monitor 251 and trustedcode base 260.

In some embodiments, the allocation of the persistent partition can alsoinclude allocating one or more read-only memories to the persistentpartition that can include, stored thereon, one or more validated,trusted applications. When loaded for execution, the applications can bestored in non-volatile memory and validated against the content of theread-only memories, ensuring non-corrupted software is executed by thepersistent partition.

In the embodiment shown, the method includes associating a memory rangewith the persistent partition (step 604). The memory range associationcan be performed, for example, by a FSM partition 277 and/or IOVM 276,as noted above, thereby allowing monitor 251 to expose to the persistentpartition 266 the non-volatile memory devices as memory addresses withina particular memory address range. In example embodiments, the memoryaddress range includes an entire memory address range allocated forstorage to the persistent partition.

The method also includes executing software loaded from a trustedstorage location into memory within the memory space (step 606). Thiscan include, for example, execution of a trusted application once loadedinto non-volatile memory from the read-only memory.

In example embodiments, other operations and/or steps can be included inthe method. For example, if the persistent partition is called orinstantiated by another partition (e.g., via an API call), the methodcan include processing the API call to instantiate the partition.Additionally, the method can further include receiving memory operationsaddressed to the memory range from a partition external from thepersistent partition, in particular in cases where a persistentpartition hosts a vNVMe controller that is used to manage storage for aplurality of different partitions. Other operations are possible aswell, based on the above discussion of the persistent partition and theplatforms on which it may be implemented.

IV. Secured Memory and Secured Application Management

Referring now to FIGS. 11-17, methods and systems for managing anencrypted memory partition 268 are discussed, in conjunction withexample embodiments of the present disclosure. The methods and systemsdescribed herein allow for hypervisor-enforced memory security that canbe accomplished entirely independently from either the memory-processorinterface and with only minimal involvement by a hosted operatingsystem. For example, encrypted regions of memory can reside at addressesincluded in a particular extended page table entry managed by theoperating system of a particular partition; that operating system canissue a specific alert or interrupt in the event that memory location isaccessed (e.g., by issuing an interrupt or other alert). Such an alert,typically received by or handled in hardware, could be received at andhandled by the hypervisor, which can retrieve encrypted data in thememory, manage decryption of such retrieved data, and manage encryptionof data to be written to memory.

Such encrypted memory regions can provide a number of advantages. Forexample, memory locations used by applications or databases can beencrypted. Additionally, even if a developer or system administratorfails to encrypt data residing in memory that could be accessed byhackers, the system will automatically protect it via encryption.Additionally, such self-encrypted memory regions can be used to providea runtime measured execution environment (RMEE) that will verify thecorrectness of data in memory to ensure that it has not been tamperedwith. Secure applications can be created, which are dedicated to aparticular platform, utilize secured memory, and are monitored duringruntime within an RMEE. Such an arrangement will prevent unregisteredprograms from executing, and can also prevent execution of securedapplications in an unsecured environment.

It is noted that, in some embodiments, the extended page table handler295 described above can be used to implement aspects of this feature. Inparticular, the extended page table handler 295 can control access topredetermined pages of memory, and one or more monitors 251 can be usedto encrypt or decrypt data stored at those memory ranges. Accordingly, aguest partition's memory range may be maintained in an encrypted state,with only the data currently in use by a processor and/or cache beingdecrypted. Such an arrangement is particularly advantageous in the caseof non-volatile memory (e.g., for mobile devices) to avoid issuesassociated with cold boot attacks.

In still further embodiments, as noted above a security API 285 can bepublished and exposed by the hypervisor. The security API 285 caninclude features which allow an application to mark specific regions ofmemory to be encrypted. Such an arrangement allows limits to be placedon the number of times required to access a monitor, which isadvantageous for performance reasons (e.g., to avoid constant monitorinterruption of execution by a partition).

Referring to FIG. 11, a block diagram of a system 700 is shown thatgenerates a secure application identity key useable to secure anapplication in memory according to example embodiments of the presentdisclosure. The system 700 can be used, for example, to store anapplication securely in memory such that decryption of the applicationfor execution is managed by the hypervisor in a way that is largelyoffloaded from the hosted software.

In the embodiment shown, the system 700 includes an identity key useableto secure such data. The identity key is generated from an application702, an application identifier 704, and optional data 706 associatedwith the application. The identity key is created by calculating a hash708 of the application 702, application identifier 704, and optionaldata 706. The hash is then encrypted using a private key, therebycreating an applications identity key digital signature 710. To accessan application stored in a secured manner in memory, a monitor will addan identity key and a public encryption key to a key database forretrieval.

FIG. 12 illustrates a structure of such a secured application identitykey database 800 useable to secure an application in memory, accordingto example embodiments of the present disclosure. In the embodimentshown, each secured application key 802, shown as applications keys 802a-b, are associated with an entry for that application which includes anapplication name 804, a signed key 806, and a public key useable inassociation with the signed key to decrypt the application as stored inmemory. In the embodiment shown, two separate entries including anapplication name 804 a-b, signed key 806 a-b, and public key 808 a-b areshown, but more or fewer such entries could be included as well in thesecured application identity key database.

Referring to FIG. 13, an arrangement in which a secured application canuse an application programming interface to ensure secured memory accessis illustrated, according to example embodiments of the presentdisclosure. Use of such an application programming interface allowssecure applications to access memory via the API, thereby managinginteractions with a hypervisor and limiting those interactions toinstances of a particular subrange or particular actions/action types.

In the arrangement 900 as shown, a secure application 902 and associatedsigned key 904 are useable to access a security API, shown as securityAPI 285. The secure application 902 provides the signed identity key 904to the API 285. The monitor 251 will access the secured applicationidentity key database 800, and calculates a hash of the identity key.The monitor 251 can also use the public key in the secured applicationidentity key database 800 to decrypt the signature provided. If thecalculated hash is the same as the one decrypted, the monitor 251 allowsthe API call to succeed.

Generally, the security API 285 allows processes executing in apartition to be secured by isolating that process within the partition.A developer can define a partition of desired size (e.g., number ofprocessors, memory size, I/O devices, RDMA connections, etc.) to talk toother processes and secure processes. The developer may also selectspecific self-encrypting memory and monitoring features.

In some embodiments, a secure process can be implemented as an encryptedmemory partition having a single application executing thereon.Referring to the arrangement of encrypted memory partition 268, a guestOS 265 for such a partition could be customized JeOS (just enoughoperating system) that supports API calls to the security API 285, andincludes features required to cooperate with the monitor 251 to allowonly secure applications and/or processes to be executed.

In example embodiments of such a security API 285, the security API 285will expose features that allow a developer to select specific ranges ofmemory at which self-encryption occurs. The security API 285 willcontrol all access to the memory at those ranges, and provides calls forallocating/deallocating and read/write of specified memory ranges.

In an example implementation of the security API 285, a developer isallowed to select specific, predetermined ranges of memory forself-encryption. Such specific ranges can be, for example, an entirememory range associated with a partition, or less than the entire memoryrange associated with a particular partition. In the various embodimentsof the security API 285, it provides calls for securelyallocating/deallocating and read/write of specified memory ranges.

In example embodiments, there can be at least two different types ofoperations supported by the security API 285. A first type ofimplementation exposes allocation, write, and read operations tosoftware executing within a partition. The allocation operation exposesa virtualization call to a monitor that marks a memory region asencrypted. This arrangement does not require monitor to validate thecontents of the memory, but rather simply to encrypt data to be storedin the memory with the key known to the secure application and monitor.The write operation changes a value in memory by providing its identitykey and values to write to the monitor 251. The monitor verifies theidentity of the application from which the write request is received. Ifthe application is validated, the monitor will encrypt the data andwrite it to the memory address in memory 908. A read operation isperformed according to a standard read of memory and decryption in auser mode.

In this first example implementation, one or more guarantees of thememory regions can be made. For example, in this implementation a memoryregion is guaranteed to be encrypted but its contents not monitored orvalidated. Accordingly, a rogue program with access to the memory rangecould read or modify that memory. Of course, that rogue program couldnot read the memory, since it would not receive access to decryptedmemory, but it could write. Read data at these rogue write locationswould fail.

In a variation of the above, the write operation could instead result inthe monitor creating a page fault handler for writes to an allocatedmemory region. If a rogue program in this case attempts to write to thesecure memory, a page fault would occur, transitioning execution to themonitor. The monitor would then prevent access to the memory and takeadditional security measures.

In a second example implementation, similar allocation, write, and readoperations can be performed. However, in this implementation, theallocation operation can include setting a flag to ask the monitor towatch for memory correctness. In such embodiments, the monitorassociated with a partition will determine whether a flag is set towatch for memory correctness. If so, the monitor will create hashes foreach allocated memory page and store those hashes in the memory hash map290. The monitor will also enable a custom extended page table faulthandler (e.g., page table handler 295 of FIG. 6) to be executed duringeach memory read operation. In the case of a write operation, data andan application identity are provided to the monitor, which verifies theidentity of the application. If the application identity is acceptable(e.g., the application is the correct application allowed to write tothe secured memory), the data is encrypted and written to memory. A hashis created for the data, and the memory hash map 290 is updated with thehash value that is created. For a read operation, the application willissue a call to the API 285 which includes its identity key and thememory range for the read. The monitor 251 will verify that the key iscorrect, and obtain the data from memory pages at the memory range. Ahash of the memory contents will be matched to the hash in the memoryhash map 290 to validate the memory contents before providing them tothe application executing within the guest partition. Details regardingvarious storage and retrieval operations performed via the API aredescribed below in connection with FIGS. 16-17.

It is noted that using this second type of API implementation, it can beguaranteed that the specified memory region is protected by encryption,and also provides security checks preventing rogue programs from storingdata at secured memory locations. This implementation also has thebenefit of additional validation of memory contents when such contentsare retrieved and decrypted. In addition, one or more applications canbe specified as allowed to access the specific memory ranges, and can betracked by the monitor.

Referring now to FIG. 14 an arrangement 1000 is shown that is useable tosecurely store an application image for a secured application, accordingto example embodiments of the present disclosure. The arrangement 1000provides a system within the virtualization systems of the presentdisclosure in which a secure application can have a validated, storedbinary, thereby avoiding tampering by unauthorized users.

In the embodiment shown, a secure application 702 is loaded into thevirtualization system rather than into an operating system, and is knownto the virtualization layer. For example, in example embodiments, thebinary for the secure application 702 can take the form of a ROMDISKimage, which forms part of the trusted computing base 260 of FIG. 6.Accordingly, the image will be validated at the time of boot of eachplatform hosting the trusted computing base 260. Once the ROMDISK imageis available it is assigned to the guest partition on which the secureapplication 702 is to execute.

A user interface 1004 allows a developer to store the secure application702 in an image store 1002 within the trusted code base 260. Whenexecuted, the secure application image is then loaded into a secureapplication volume 1010 alongside JeOS in the method described above.

Referring now to FIGS. 15-17, methods for allocating encrypted memorypartitions, and for writing to and reading from secured memory asenforced by a hypervisor, are described. The methods described hereincan be accomplished, for example, by using the secured applications andencrypted memory partition 268 described above.

Referring to FIG. 15, a flowchart of a method 1100 is shown forimplementing a self-encrypting memory via hypervisor enforcement,according to an example embodiment. The method 1100 includesinstantiating one or more partitions, including at least one encryptedmemory partition, such as the encrypted memory partition 268 of FIG. 6(step 1102). Alongside instantiation of such partitions, eachinstantiated partition is allocated computing resources, such as aprocessor core (or cores), memory, access to I/O devices, and othertypes of resources. In connection with the present disclosure, part ofthe allocation of computing resources for an encrypted memory partition268 includes allocating a secure portion of memory in which encrypteddata will be stored (step 1104). Such secure memory can correspond toRAM or non-volatile memory, such as SSD or NVDIMM type devices. In theembodiment shown, the method 1100 includes defining an address range formemory associated with the encrypted memory partition 268 (step 1106).This can include, for example, defining a specific memory page or pagesthat are associated with a memory resource allocated to the partition.

In example embodiments, allocating the resources to the partition anddefining the address range can include making a call to an API exposedby the monitor to mark a memory region as encrypted. The allocationoperation can also include setting a flag to ask the monitor to watchfor memory correctness within the designated range.

In the embodiment shown, a memory operation is received (step 1108). Thememory operation can be, for example, a memory read operation or amemory write operation. Generally, the memory operation is followed by adetermination by the hypervisor of whether the memory operation isassociated with a range that is defined to include encrypted memory(step 1110). This can include, for example determining based on a pagetable that the memory operation is associated with encrypted memory. Ifthe memory operation is within the address range, a notification isissued (step 1112). The notification can be, for example a notificationthat the memory operation is retrieved from a particular application ortype of application that is allowed to read/write from the specificlocation. Such a notification can include allowing the memory operationto be performed, such as by issuing a request from an extended pagetable handler that triggers the memory operation.

The memory operation is then performed (step 1114), and an encryptionoperation is performed on the data associated with the memory operation(step 1116). The encryption operation can be, for example, encryption ofdata received for purposes of writing to a particular memory location.It can also be decryption of data retrieved from a memory location inconnection with a read operation.

Referring to FIGS. 16-17, additional details regarding read and writeoperations are described, for either accessing secured data at a memorylocation or writing data to a secured memory location. Such details aredescribed in connection with operation of a hypervisor, for example inresponse to an API call to read and/or write data according to thevarious implementations of an API as discussed herein.

FIG. 16 illustrates a flowchart of a method 1200 for accessing secureddata from a hypervisor-enforced secured memory, according to an exampleembodiment. The method 1200 generally begins upon receipt, at thehypervisor, of a memory request (e.g., a read operation) from anapplication in a partition (step 1202). The method 1200 includesvalidating the identity of the application (step 1204) to determinewhether the application is allowed to read data from the specificlocation. If the application is not allowed to read data from thatlocation, the method 1200 terminates. However, assuming validation ofthe application occurs successfully, a determination occurs whether theread operation is associated with a specific, secured address range(operation 1206). If the read operation is from a memory locationoutside a secured address range, the read operation is performednormally. However, if the read operation is associated with a memorylocation within the secured address range, the memory operationproceeds, and data is received, in an encrypted state, from memory atthe designated address (step 1208).

In the embodiment shown, the hypervisor will decrypt the data, forexample using a key specific to the application that is reading the data(step 1210), such as an application identity key associated with theapplication, retrieved from an application identity key database.Optionally, in some implementations, the hypervisor will also validatethe decrypted data (step 1212), by comparing a hash of the data to astored hash in a memory hash map, as noted above. Decrypted, andoptionally validated, data can then be returned to the application (step1214). This can include storing that decrypted data in a cacheassociated with a processor allocated to the requesting partition.

FIG. 17 illustrates a flowchart of a method 1300 for storing secureddata in a hypervisor-enforced secured memory, according to an exampleembodiment. The method 1300 generally begins upon receipt, at thehypervisor, of a memory request (e.g., a write operation) from anapplication in a partition (step 1302). The method 1300 can be performedfor example, in response to a write operation issued to an API publishedby a monitor of the hypervisor that hosts the partition including asecure application. The method includes a determination that the writeoperation is within a specific address range associated with encryptedmemory (step 1304). If the address is not in a range associated withencrypted memory, operation proceeds as normal, since the address accessis associated with unencrypted memory. However, if the address is withinthe range associated with encrypted memory, the hypervisor will alsodetermine if the request is received from a secure application (step1306). Such determinations can be performed, for example, based on anextended page table handler that manages operations based on thedetermination of a memory request addressing the specific memory range.

In the embodiment shown, the data can then be received from theapplication (e.g., from a cache from which the application executes(step 1308) and encrypted by the hypervisor (step 1310). The encryptioncan be performed, for example, using a secure application identity keystored in an application identity key database and associated with theapplication from which the data to be written to memory originated. Theencrypted data can then be stored in memory at the designated location(step 1312). Optionally, the method 1300 also includes creating a hashbased on the encrypted memory and updating a memory hash map. The memoryhash map can be used to validate accessed data during subsequent readrequests of that data, thereby preventing undetected compromise of thatdata by an unauthorized application.

Referring to FIGS. 11-17 generally, it is noted that the secureapplication and encrypted memory partition described herein provide anumber of advantages over existing systems relative to security andvalidation of memory contents. Furthermore, because such security andvalidation is performed by a hypervisor, complex hosted security systemsare not required. Furthermore because the hypervisor operates at alowest level and controls access to memory from each of the partitions,this further limits the likelihood of compromise of data when such datais required to be validated.

Although the present disclosure and its advantages have been describedin detail, it should be understood that various changes, substitutionsand alterations can be made herein without departing from the spirit andscope of the disclosure as defined by the appended claims. Moreover, thescope of the present application is not intended to be limited to theparticular embodiments of the process, machine, manufacture, compositionof matter, means, methods and steps described in the specification. Asone of ordinary skill in the art will readily appreciate from thepresent invention, disclosure, machines, manufacture, compositions ofmatter, means, methods, or steps, presently existing or later to bedeveloped that perform substantially the same function or achievesubstantially the same result as the corresponding embodiments describedherein may be utilized according to the present disclosure. Accordingly,the appended claims are intended to include within their scope suchprocesses, machines, manufacture, compositions of matter, means,methods, or steps.

The above specification, examples and data provide a completedescription of the manufacture and use of the composition of theinvention. Since many embodiments of the invention can be made withoutdeparting from the spirit and scope of the invention, the inventionresides in the claims hereinafter appended.

1. A method of securing memory within a computing fabric, the methodcomprising: allocating memory of one or more host computing systems inthe computing fabric to a partition, the partition included among aplurality of partitions, the computing fabric including a hypervisorinstalled on the one or more host computing platforms and managinginteractions among the plurality of partitions; defining an addressrange associated with the memory allocated to the partition; receiving amemory operation including an address within the address range; based onthe memory operation including an address within the address range,issuing, by the hypervisor, an indication that the memory operation isoccurring at an encrypted memory location; performing the memoryoperation; and performing an encryption operation on data associatedwith the memory operation.
 2. The method of claim 1, wherein the memoryoperation comprises a memory write operation, and wherein the encryptionoperation comprises encrypting data written to the memory.
 3. The methodof claim 1, wherein the memory operation comprises a memory readoperation, and wherein the encryption operation comprises decryptingencrypted data retrieved from memory.
 4. The method of claim 3, whereindecrypting the encrypted data is performed by the hypervisor.
 5. Themethod of claim 1, wherein the memory comprises a non-volatile memory.6. The method of claim 1, further comprising receiving a definition ofthe partition via a security API.
 7. The method of claim 1, wherein thememory operation comprises allocating the memory associated with theaddress range, and wherein the encryption operation comprisesestablishing encryption settings to be used for data stored in thememory.
 8. The method of claim 1, wherein the address range includes oneor more memory pages included in an extended page table.
 9. The methodof claim 8, wherein the indication that the memory operation isoccurring at an encrypted memory location is triggered by an extendedpage fault violation.
 10. A system comprising: one or more hostcomputing platforms; a plurality of partitions instantiated across theone or more host computing platforms, each of the plurality ofpartitions allocated computing resources of the one or more hostcomputing platforms, the plurality of partitions including a partitionallocated memory from the one or more host computing platforms, thememory associated with an address range; a hypervisor installed on theone or more host computing platforms and managing interactions among theplurality of partitions, the hypervisor configured to, based on receiptat a partition of a memory operation including an address within theaddress range: issue an indication that the memory operation isoccurring at an encrypted memory location; perform the memory operation;and perform an encryption operation on data associated with the memoryoperation.
 11. The system of claim 10, wherein the address rangeincludes one or more memory pages included in an extended page table.12. The system of claim 11, wherein the indication that the memoryoperation is occurring at an encrypted memory location is triggered byan extended page fault violation.
 13. The system of claim 10, whereinthe memory comprises a non-volatile dual in-line memory module.
 14. Thesystem of claim 10, wherein the memory comprises a non-volatile memory.15. The system of claim 10, wherein the memory comprises an entirememory allocated to the partition.
 16. The system of claim 10, whereinthe memory operation is received at the hypervisor from a secondpartition different from the partition.
 17. The system of claim 10,wherein the memory operation is included within a plurality ofoperations defined in a security API.
 18. The system of claim 17,wherein the security API exposes a plurality of functions useable todefine interaction with encrypted memory, the plurality of functionsincluding: an allocation function; a memory write function configured toreceive data, encrypt the data, and write the data at the address range;and a memory read function configured to retrieve data from the memory,decrypt the data, and provide the data to a requesting application. 19.A system for managing secured memory in a computing fabric, the systemcomprising: a programmable circuit of a host computing platform withinthe computing fabric; a memory communicatively connected to theprogrammable circuit, the memory storing computer-executableinstructions which, when executed, cause the computing platform toperform: allocating memory of one or more host computing systems in thecomputing fabric to a partition, the partition included among aplurality of partitions, the computing fabric including a hypervisorinstalled on the one or more host computing platforms and managinginteractions among the plurality of partitions; defining an addressrange associated with the memory allocated to the partition; receiving amemory operation including an address within the address range; based onthe memory operation including an address within the address range,issuing, by the hypervisor, an indication that the memory operation isoccurring at an encrypted memory location; performing the memoryoperation; and performing an encryption operation on data associatedwith the memory operation.
 20. The system of claim 19, wherein theinstructions, when executed, cause the programmable circuit to furtherperform receiving a definition of the partition via a security API.